Apple Technical White Paper Presented By : Rajhesh Babu.

Presentation transcript:


Introduction, Overview, Secure Data Storage & Deletion, Public Key Infrastructure, Firewalls, Core Security, Malware Protection, Privacy, Conclusion

Security is one of the main concerns of any operating system. Apple strives to ensure that the core of the operating system provides critical protection for services, applications and data. With a view to the organization's security, all security options should be examined and the need for security must be balanced.

OS X is designed to provide concrete defenses against outside security threats with a series of protective systems. OS X and many of its integrated services are built on a foundation of open source solutions. Strong security is a benefit of open source software. An open source development approach provides the transparency to ensure OS X is as secure as possible. OS X has a number of features designed to protect the confidentiality of users and their data.

OS X provides easy-to-use methods for ensuring that stored files are securely protected using the Advanced Encryption Standard (AES). The data storage options include FileVault 2 and encrypted containers (also called disk images). OS X also provides methods for deleting files securely, which prevents deleted files from being recovered. Data deletion options include Secure Empty Trash, Secure Erase, and Remote Lock and Wipe.

FileVault 2: Introduced in OS X Lion, FV2 provides full disk encryption for data-at-rest (DAR) protection. Initial encryption is fast and unobtrusive, meaning all data is encrypted in the background. During setup, FV integrates a recovery key as a safety net for accessing the encrypted volume. The two types of recovery key are the personal recovery key and the institutional recovery key. With FV2 enabled, a user must enter valid login credentials or a recovery key before the computer can access the files and continue with the boot process.

Encrypted Containers (Disk Images): With the Disk Utility tool, you can easily create encrypted containers known as "disk images", using 128-bit or stronger 256-bit AES encryption. When the underlying disk image is encrypted, any files and folders placed in it are encrypted and decrypted automatically. When you decrypt a disk image, blocks of file data are decrypted in real time. This encryption/decryption process is nonintrusive to the user, and creating an encrypted disk image is as simple as clicking the New Image button in Disk Utility.

Secure Empty Trash: OS X includes a Secure Empty Trash command to prevent deleted files from being recovered. You can access the same functionality and more advanced management from the command line.

Secure Erase: Just as deleting a file from a computer doesn't truly remove it, erasing the hard drive doesn't truly remove the data from a drive. Disk Utility includes a variety of options to securely erase old data on an entire drive or volume. The secure erase options are:
1. Fastest: the default action that occurs when you erase or reformat a drive or volume.
2. Zero Out Data: This option writes zeros over all the data at once. This is the quickest but less secure.
3. 3-pass secure: This option is a DOE-compliant 3-pass secure erase.
4. Most secure: This writes seven different passes of information to the drive. Time consuming, but secure.

Remote Lock and Wipe: Using OS X, your organization's IT department can offer users a web-based method for remotely locking and even wiping their systems. IT can use Profile Manager to lock, unlock and wipe a remote Mac without user intervention.

Public Key Infrastructure (PKI) is all the components (i.e., hardware, software, policies, processes) and the complex interactions that occur among them. OS X is designed as an OS-based PKI, where all the services are performed by the OS and not by the individual applications. Digital Certificates: The fundamental basis of a PKI is a "digital identity", which consists of a digital certificate and corresponding public and private keys.

OS X uses digital certificates to support secure collaboration and enable the following services: authentication, data integrity, encryption, nonrepudiation.

Technologies in OS X that can use digital certificates: FileVault/encrypted disk images, Login Window, Safari, Remote Login, Mail, System Administration.

The basic purpose of a firewall is to control connections made to a computer from other computers or devices on a network. For casual users, Apple provides an "Application layer firewall", where users can control connections on a per-application basis rather than a per-service basis. For IT professionals with more complex needs and knowledge, Apple provides the "IPFW2 firewall" for finer-grained control. IPFW2 processes traffic at the packet level, which is lower in the networking stack than the Application Layer Firewall.

In addition to securing local data and network access, OS X employs techniques to protect the core functioning of the operating system and applications. Some techniques are:
1. Mandatory Access Controls: This access control mechanism enforces restrictions on access to system resources. Mandatory access controls are integrated with the exec system service to prevent execution of applications that aren't authorized.
2. Sandboxing: This helps ensure applications do only what they are intended to do and prevents malicious code from hijacking applications and OS services to run its own code.
3. Execute Disable: One of the most common techniques used by developers of malicious software to gain unauthorized access is called "buffer overflow". To avoid this, OS X provides no-execute stack protection by taking advantage of the XD function available in recent Intel processors.

Protecting data, workstations and servers within a network goes beyond encryption and access controls. Although OS X is not generally associated with high risks for viruses or other forms of malware, some forms of malware have been discovered that may affect it. Application Quarantine: Quarantining applications helps prevent users and processes from accidentally running applications of unknown origin, which are potentially malicious.

Identification and Removal: When unknown executable code is downloaded to the Mac, OS X provides protection by ensuring that the code will never execute if it's one of the known pieces of malware. Because the malware code is already quarantined, OS X can remove the malware and notify the user of the blocked attempt. Antivirus Protection: When the antivirus deployment to the OS X systems within an organization is centrally managed, you can use central antivirus management to alert administrators to the presence of viruses on individual systems.
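As an added illustration of Application Quarantine (not from the white paper or Apple's code): macOS records quarantine state in the `com.apple.quarantine` extended attribute as `flags;hex-epoch;agent;event-id`. The Python below parses that value to list files still awaiting user approval; the flag-bit names are an assumption to confirm on your OS release, and the sample values are constructed.

```python
from datetime import datetime, timezone

# Flag bits as commonly documented for the quarantine attribute
# (assumption: verify against the OS release you are examining).
FLAG_BITS = {
    0x0001: "download",
    0x0002: "sandbox",
    0x0004: "hard",
    0x0040: "user_approved",
}

# Constructed samples: file name -> attribute value (None = attribute absent).
SAMPLES = {
    "installer.dmg": "0083;5f3e2a10;Safari;A1B2C3D4-0000-4000-8000-000000000001",
    "tool.app": "00c1;5f3e2b00;Chrome;",
    "notes.txt": None,
}


def parse_quarantine(value):
    """Parse 'flags;hex_epoch;agent;event_id' into a dict."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError(f"not a quarantine value: {value!r}")
    # Some writers omit the trailing fields; pad so unpacking always works.
    flags_hex, ts_hex, agent, event_id = (parts + ["", ""])[:4]
    flags = int(flags_hex, 16)
    when = None
    if ts_hex:
        # The timestamp is hexadecimal seconds since the Unix epoch.
        when = datetime.fromtimestamp(int(ts_hex, 16), tz=timezone.utc)
    return {
        "flags": flags,
        "flag_names": sorted(n for b, n in FLAG_BITS.items() if flags & b),
        "when": when,
        "agent": agent or None,
        "event_id": event_id or None,
        "user_approved": bool(flags & 0x0040),
    }


def triage(files):
    """Return names of files that are quarantined but not yet user-approved."""
    pending = []
    for name, value in files.items():
        if value is None:
            continue  # no attribute: the file was never quarantined
        if not parse_quarantine(value)["user_approved"]:
            pending.append(name)
    return sorted(pending)
```

On a Mac, the attribute value for a file can be read with `xattr -p com.apple.quarantine <file>` and passed to `parse_quarantine`.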

With the increased number of devices, apps and services comes an increased need to keep personal info private. For example, when using navigation or mapping services, users must allow their private devices to provide exact location data, but revealing those details can expose private info to an unauthorized service or application. Location Services: OS X provides preference controls and the ability to control location services. It includes a Privacy pane for enabling and disabling location services as well as usage of data.

Online Privacy: A Privacy pane provides info about and control over online privacy. Users can clear website data, customize cookie settings and decide whether websites can request location information. The Privacy pane in Safari also includes web history, where each site is stored and what data is stored on the Mac.

Security is the ever-present concern of every IT department regardless of the OS they use. OS X offers a solid set of security components that are built in to every Mac. Industry-standard solutions and meeting the security guidelines from the U.S. federal government agencies make the impact of security.

Apple’s Technical White Paper

Questions???

Thank you